British Airways has publicly apologised for a security breach that led to the theft of customer names, email addresses and credit card data. It has been reported that the airline, one of the largest in the world, discovered the theft following a sophisticated and malicious criminal cyber-attack affecting its website and mobile app. It has been reported further that around 380,000 transactions are thought to have been affected. BA has stated that they are contacting those customers affected and are advising them to contact their bank and credit card providers.
This is the latest incident in what is, sadly, likely to be a never ending string of cyber-attacks on businesses leading to customer data being compromised. This type of criminal activity has now become the norm and most businesses in the UK are likely to be affected by a cyber-attack at some point in the future. The UK government is so concerned about the threat of cyber-attacks that new laws are to be introduced to try and ensure that organisations responsible for providing major public infrastructure such as energy, health, public transport and utilities take steps to adequately defend against such attacks.
It is essential that all organisations take appropriate steps to ensure that their systems are secure and that their customer data is protected. Complying with the recently introduced Data Protection Act 2018/General Data Protection Regulation (GDPR) is likely to help considerably in accomplishing that objective, however, it is no guarantee that security will be sufficient to prevent all attacks as cyber threats become more and more sophisticated. This is a serious problem for business given that the potential consequences of a significant data breach can include a financial penalty imposed by the Information Commissioner’s Office (ICO) of up to 4% of turnover, a potential drop in share price for listed companies such as BA and compensation claims brought by affected customers who suffer loss and distress. It is expected that compensation claims will increase. Individuals who suffer damage as a direct result of a data protection breach or a misuse of their private information may be able to claim compensation from the organisation responsible depending on the specific circumstances.
BA is advising affected customers to contact their bank and credit card providers and follow their advice. It is possible that customers will be advised to monitor their email, bank and credit card accounts and look out for any suspicious activity. Alternatively, some customers may be advised to change passwords, account numbers and card details.
Stephensons assist private individuals who have been harmed by breaches of privacy and data protection. We also assist businesses and other organisations with a wide range of data protection issues. For assistance, call us now on 01616 966 229.